Method, Apparatus and System for Secure Distribution of Content

ABSTRACT

Embodiments of the present invention provide a method, apparatus and system for the secure distribution of content such as audiovisual content in a way that prevents users from misusing the content and provides a mechanism for tracking pirated material back to the original location of misappropriation. A security device, in accordance with one embodiment of the present invention, incorporates encryption methods to ensure the broadcast encryption key remains secure. A marking device, in accordance with one embodiment of the present invention, incorporates, for example, digital watermarking methods that attach to the content information to identify a location of origin of the misappropriation, such as a Set-top Box (STB) and/or smart card.

FIELD OF THE INVENTION

The present invention generally relates to content distribution and, more particularly, to a method, apparatus and system for securely communicating content such as audiovisual content.

BACKGROUND OF THE INVENTION

Content such as audiovisual content, securely stored within a content device, such as a Set-top Box (STB), is often transferred over an unsecured channel (e.g., a home network), to a software player running on, for example, a personal computer (PC). The STB uses a sophisticated conditional access (CA) mechanism to prevent the unauthorized use of the content; however, pirating can easily take place along the unsecured channel.

As such, what is needed is a method, apparatus and system for the secure distribution of audiovisual content.

SUMMARY OF THE INVENTION

Embodiments of the present invention address these and other deficiencies of the prior art by providing a method, apparatus and system for the secure distribution of content, such as audiovisual content.

In one embodiment of the present invention, a method for the secure distribution of content includes encrypting the content using a first key, encrypting the first key using a second key, and distributing the encrypted content and the encrypted first key. In such an embodiment of the present invention, the distributed content is decrypted by decrypting the first key using a locally stored copy of the second key and decrypting the content using the decrypted first key. The method can further include the inclusion of identification information intended to identify the original intended user of misappropriated content. That is, the method can further include marking the decrypted content for identification purposes, and re-encrypting the marked content. In addition, the method can further include encrypting the content using a third key, the third key being acquired via a secure channel and communicating the content encrypted using the third key to a source of the third key, wherein the content encrypted using the third key is decrypted using a local copy of the third key.

In an alternate embodiment of the present invention, an apparatus for the secure distribution of content includes a secure processing module for encrypting and decrypting the content and a smart card for locally storing and decrypting encryption keys. In the apparatus, upon receiving content encrypted with a first key and upon receiving the first key encrypted with a second key, the smart card of the apparatus decrypts the first key using a locally stored copy of the second key, and the secure processing module decrypts the received encrypted content using the decrypted first key. The apparatus of the present invention can further include a marking module for marking the decrypted content.

In an alternate embodiment of the present invention, a system for the secure distribution of content includes a content source for distributing content, an electronic counter-measure device for encrypting the distributed content using a first key and for encrypting the first key using a second key, an apparatus for receiving the content encrypted with a first key and the first key encrypted with a second key and a storage device for storing the received encrypted content and the first key. The apparatus of the system can include a secure processing module for encrypting and decrypting content and a smart card for locally storing and decrypting encryption keys. In the system of the present invention, upon receiving content encrypted with the first key and upon receiving the first key encrypted with the second key, the smart card of the apparatus decrypts the first key using a locally stored copy of the second key, and the secure processing decrypts the received encrypted content using the decrypted first key. The apparatus of the system of the present invention can further include a marking module for marking the decrypted content. In addition, the system of the present invention can further include a content player for communicating a third key to the apparatus via a secure channel, wherein the apparatus encrypts the decrypted content using the third key and communicates the content encrypted using the third key to the content player and the content player decrypts the content encrypted via the third key using a locally stored copy of the third key.

BRIEF DESCRIPTION OF THE DRAWINGS

The teachings of the present invention can be readily understood by considering the following detailed description in conjunction with the accompanying drawings, in which:

FIG. 1 depicts a high level block diagram of a system for adding security encryption to content in accordance with an embodiment of the present invention;

FIG. 2 depicts a high level block diagram of a system including a set-top box as depicted in FIG. 1 and a software player for receiving and playing the encrypted content of FIG. 1 in accordance with an embodiment of the present invention;

FIG. 3 depicts a high level block diagram of a content distribution system in accordance with an embodiment of the present invention;

FIG. 4 depicts a high level block diagram of a content distribution and watermarking system in accordance with an embodiment of the present invention; and

FIG. 5 depicts a high level block diagram of a system for receiving and playing encrypted content including an alternate watermarking method in accordance with an alternate embodiment of the present invention.

It should be understood that the drawings are for purposes of illustrating the concepts of the invention and are not necessarily the only possible configuration for illustrating the invention. To facilitate understanding, identical reference numerals have been used, where possible, to designate identical elements that are common to the figures.

DETAILED DESCRIPTION OF THE INVENTION

The present invention advantageously provides a method, apparatus and system for securely communicating content such as audiovisual content in, for example, a home network environment. Although the present invention will be described primarily within the context of audiovisual content in a home network environment including a software player, the specific embodiments of the present invention should not be treated as limiting the scope of the invention. It will be appreciated by those skilled in the art and informed by the teachings of the present invention that the concepts of the present invention can be advantageously applied in substantially any network for the secure transfer of any content (e.g., video, audio, audiovisual, etc.) to be played on substantially any content player.

FIG. 1 depicts a high level block diagram of a system for adding security encryption to content such as audiovisual content in accordance with an embodiment of the present invention. The system 100 of FIG. 1 illustratively comprises an audiovisual content transmission device (illustratively a satellite dish) 110, a Set-top Box 120, an Electronic Counter-measure device 125 and a content and key storage device 130. In the system 100 of FIG. 1, the Set-top Box 120 includes a smart card 140 and a secure processing and storage module 150. In the system 100 of FIG. 1, the module 150 of the Set-top Box has a secure communications link to the smart card 140. In addition, the smart card 140 has secure processing and storage capabilities.

In the system 100 of FIG. 1, an electronic counter-measure (ECM) message from the ECM device 125 is communicated to the STB 120 along with the audiovisual content. The ECM message contains, among other things, an encryption key or work key, k_(w). To prevent interception, the work key, k_(w), is encrypted with a key to be used by the smart card 140. The key is denoted herein as the smart card key, k_(sc), and the encrypted work key as k_(sc)(k_(w)). The smart card key is stored safely on the smart card 140 and cannot be recovered by someone attempting to intercept or copy the audiovisual content. In the embodiment of FIG. 1, the smart card key is a key to a symmetric key cipher. The encryption of the ECM message is not essential to the understanding of the embodiments of the invention presented herein and, as such, will not be described in detail herein. In one embodiment of the present invention, the encryption of the ECM message can be a public key cipher; however, any known encryption methods can be applied.

As previously described, the ECM message is stored along with the encrypted audiovisual content in, for example, the content and key storage device 130. Upon playback of the audiovisual content, the ECM is recalled from storage 150 and the encrypted work key is communicated to the smart card 140. The smart card 140 uses a local copy of k_(sc) to decrypt and return k_(w) to the secure processing module 150 of the STB 120. As such, the STB 120 obtains the necessary key to decrypt the stored audiovisual content. Such decryption can be accomplished in the secure processing module 150. Although in the embodiment of the system of FIG. 1 the audiovisual content and ECM are depicted as being communicated to a single STB 120, in alternate embodiments of the present invention, the audiovisual content and ECM can be broadcast to more than one Set-top box or other receiving device for encryption and processing as described above. For example, each broadcast audiovisual content can be encrypted using a symmetric key cipher. As previously recited, the encryption key or audiovisual work key is herein denoted as k_(w) and the encrypted audiovisual content as k_(w)(w). The encrypted audiovisual content is received by each STB and stored for later use.

FIG. 2 depicts a high level block diagram of a set-top box 120 as depicted in FIG. 1 and a software player for receiving and playing the encrypted audiovisual content of FIG. 1 in accordance with an embodiment of the present invention. In FIG. 2, the software player illustratively comprises a personal computer (PC) 210. In content distribution systems, it is desirable to allow stored content, such as the audiovisual content stored in the STB 120 and/or the content and key storage device 130 of FIG. 1 as described above, to be transferred to a personal computer for display. In FIG. 2, the software player 210 is provided with a unique private/public key pair and the public key of the STB 120. The software player 210 encrypts its own public key with the STB public key and communicates this information to the STB. The STB can decrypt this message with its private key. As such, the two devices know each other's public key and they can establish a secure communication channel. Through this channel they create and exchange a session key and then terminate the secure channel. The session key will be used to securely transfer the content from the STB to the software player.

More specifically, in one embodiment of the present invention, stored audiovisual content is communicated directly from STB storage to the PC 210. As such, the key, k_(w), needs to be communicated to the PC 210 along with the audiovisual content. In the system of FIG. 2, the PC 210 is considered an unsecured platform and poses a risk to the security of the key, k_(w), which prior to the communication to the PC 210 was very secure.

To maintain the security of k_(w), a link encryption is implemented. More specifically, the PC 210 and the STB 120 use a public key cipher to establish a secure communications channel (e.g., a TLS channel). Public key ciphers, however, are computationally expensive and thus are not often used for large data payloads. Instead, this TLS channel is used to establish and exchange a session key, k_(s), for a symmetric key cipher. The STB will then decrypt the audiovisual content using the work key, k_(w), and then immediately encrypt it using the session key, k_(s). This re-encrypted audiovisual content can then be securely communicated through an unsecured channel, for example a home network, to the PC 210 and decrypted there for display.

For example, FIG. 3 depicts a high level block diagram of an audiovisual content distribution system in accordance with an embodiment of the present invention. The audiovisual content distribution system 300 of FIG. 3 illustratively includes a content and key storage device 130 and a Set-top Box (STB) 120 as depicted in FIG. 1 and a software player 210 as depicted in FIG. 2. In the system of FIG. 3, once a session key, k_(s), has been established, the secure processing device 150 in the STB 120 is used to decrypt the work and re-encrypt it using the symmetric cipher session key, k_(s). The encrypted content can then be communicated to the PC 210 on an unsecured channel, such as a home network. The player can decrypt the content with its copy of the session key, k_(s).

In order to use a public key cipher, the STB 120 and the software running on the PC 210 must each have a public/private key pair. In one embodiment of the present invention, the private key of the STB 120, k_(stb)^(pv), is embedded in the secure processing module 150 during manufacture and the public key, k_(stb)^(pu), is stored in a secure database for subsequent distribution. The software player 210 can comprise a proprietary player distributed by a STB owner/operator to its customers upon request. Each copy of the software player 210 will contain a unique private/public key pair, (k_(pc)^(pv), k_(pc)^(pu)). A customer request for audiovisual content will include the unique identification of an STB from which the connection is requested. The public key of that STB will be embedded into a respective software player, ensuring that the software player can only work with that STB. This also gives an STB operator a record of which STBs have been enabled to communicate with which PCs.

As such and in accordance with the present invention, the STB 120 has a private key and the software player 210 will have the corresponding public key as well as its own private/public key pair. The software player 210 initiates a connection with the STB 120 over an unsecured channel, for example a home network, and can communicate to the STB 120 information regarding its public key. In such a manner, the STB 120 and the software player 210 are able to establish a secure channel through which they can establish and exchange a symmetric cipher session key as described above with reference to FIG. 2.

Many protocols for establishing a secure channel require that all communication devices have signed digital certificates from a trusted source. Given the proprietary nature of the proposed architecture, these certificates can be generated by, for example, the STB operator (the trusted source) and provided to both the STB 120 and the software player 210. This ensures that the STB 120 will only establish a secure link with an STB-operator authorized software player. The concepts of the present invention as described above will assist in protecting distributed audiovisual content from being pirated. In various embodiments of the present invention, advanced software security techniques are implemented to protect the software private key and derived session key from being discovered. Unfortunately however, knowledgeable pirates most likely will be successful in discovering these keys. Once discovered, the session key can be used to decrypt the audiovisual content. However, in accordance with an embodiment of the present invention, different audiovisual content will be encrypted with a different session key. As such, while a discovered key is valuable for decrypting corresponding protected audiovisual content on a corresponding STB, the discovered key will not be valuable to anyone else having a different STB nor would it be useful for decrypting other distributed audiovisual content. To do so, another session key would need to be discovered.

Even further, a software private key can be discovered and used to observe a TLS session, thus learning each session key as the session is established. For example, there can be two groups of individuals who might pursue such unauthorized copying: customers who wish to make copies for themselves and their friends, and professional thieves. One difference between these two groups is that the misbehaving customers obtain primary value from the content delivery service and only secondary value from the copying. Professional thieves take advantage of the content delivery service for the purpose of generating pirate content.

Digital watermarking is a technique for modifying digital imagery in order to attach certain identifiable metadata to audiovisual content. The metadata is recoverable from a copy of the watermarked content, even if that content has been re-compressed or has been converted to analog format. The digital watermark in content is also intended to survive the decryption, decoding, and digital-to-analog conversion of content that can be performed in a single secure silicon chip so that the only capturable, clear text content is analog. Such a process is commonly referred to as the “Analog Hole”.

In various embodiments of the present invention, watermarking can be optionally applied to audiovisual content secured in accordance with the present invention. For example, in a first approach, received audiovisual content is not directly stored in a Set-top Box (STB). Instead, the content is decrypted, watermarked, and re-encrypted prior to storage. The watermark contains information that uniquely identifies the STB and the associated smart card and includes a timestamp indicating a receiving and recording time.

FIG. 4 depicts a high level block diagram of an audiovisual content distribution and watermarking system in accordance with an embodiment of the present invention. The system 400 of FIG. 4 illustratively includes a content transmission device (illustratively a satellite dish) 110, a content and key storage device 130 and a Set-top Box (STB) 120 as depicted in FIG. 1. However, in the system of FIG. 4, the STB 120 further comprises a watermarking module 175 for applying a watermark to the content received from the content transmission device 110 prior to storage in the content and key storage device 130.

In the system 400 of FIG. 4, if the security of the STB 120 is compromised and the content is successfully obtained from the STB 120 and is successfully pirated, the watermark applied by the watermarking module 175 will identify the offending STB/customer. The watermarking of the present invention, however, introduces an additional decryption/encryption cycle to the process and this, along with the watermarking, can become computationally expensive for real-time processing in the STB.

As such, in an alternate embodiment of the present invention, the content is not watermarked during storage, but is instead watermarked as it is transferred to the software player. For example, FIG. 5 depicts a high level block diagram of a system for receiving and playing encrypted audiovisual content including an alternate watermarking means in accordance with an alternate embodiment of the present invention. The system 500 of FIG. 5 illustratively includes a content and key storage device 130 and a Set-top Box (STB) 120 as depicted in FIG. 1 and a software player 210 as depicted in FIG. 2. Similar to the embodiment depicted in FIG. 1, received content is stored directly in its encrypted form. Upon request, the content is decrypted and re-encrypted with the session key as before; however, in the embodiment of FIG. 5, a watermark is added by the watermarking module 175 to the content. As previously described, the watermark can include a time stamp identifying at least the time of download and, if available from the STB storage, the time of initial storage as is the case in the first watermarking approach. In addition, a unique ID of the software player 210 is now known at the time of watermarking (i.e., because of the digital signature), and as such, information identifying the particular software player 210 can be included in the watermark information.

In one embodiment of the present invention, the watermark is added directly into an MPEG-2 bitstream. The marking process can be real-time for the first watermarking embodiment described with respect to FIG. 4 and can be faster than real-time for the second watermarking embodiment described with respect to FIG. 5. In one embodiment, the watermarking process does not introduce any visible or audible artifacts that would tip off a user of its existence. In addition, the watermark data can be recoverable after resizing to a smaller size, transcoding, and a number of other standard television picture processes including de-interlacing, noise reduction, color adjustment, etc. A watermark detector (not shown) does not have any information included in the embedding process. That is, an embedder (not shown) and detector can share a secret, but the detector will not know, a priori, which embedder was used. Detection is a forensic operation and can be slower than real-time.

Both above described watermarking approaches embed customer identifying information into content that is intended to be viewed and not distributed. If a user obtains piracy software that discovers software player keys and if that user uses that piracy software to make unauthorized copies of works stored on the STB, those copies will contain watermarks with identifying information to identify the location of origin of the pirated content. If any of those copies are distributed (i.e., on a P2P network or on a web site for example), each and every unauthorized copy will contain the necessary forensic information (e.g., watermark and identification information) to identify the original intended recipient of that content. After such discovery, an STB operator can take any remedial action deemed appropriate including but not limited to sending a warning letter, to cancellation of service, to the pursuit of legal remedies and the like.

In accordance with various embodiments of the present invention, an STB includes a private/public key pair. The private key is embedded in the STB and the public key is stored in a secure database by the STB operator. The STB can also include a digital certificate supplied by the STB operator. Subsequently, a customer can contact the STB operator and request a software player for viewing desired content. The request is accompanied by an STB identifier (this request could be facilitated through the STB). The STB operator recovers the STB public key from the database, creates a digital certificate for the software player, and communicates such information to the customer. Additionally, and as described above, the software player has its own private/public key pair.

As described above, in a first approach, content to be stored locally at the STB is first decrypted, watermarked, and then re-encrypted. The software player initiates a session with the STB and provides its public key. The software player and the STB negotiate a secure channel using their digital certificates, and establish a session key. In the first approach, stored watermarked content is decrypted on the STB and re-encrypted with the session key before being transferred to the software player.

In the second approach, stored content is decrypted on the STB, watermarked, and then re-encrypted with the session key before being communicated to the software player. The software player decrypts the content with the session key and plays the content.
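The key hierarchy of FIG. 1 (k_(w) wrapped under k_(sc)), the re-encryption under a per-content session key k_(s), and the transfer-time marking of the second approach can be traced end to end in the following added Python example, which is not part of the patent text. It assumes an HMAC-SHA256 encrypt-then-MAC construction as a standard-library stand-in for the unspecified symmetric cipher, a keyed least-significant-bit mark as a stand-in for a robust watermark, and session keys already agreed over the secure channel; all function names, device IDs and content bytes are constructed for illustration.

```python
import hashlib, hmac, os, random, struct

MARK_BITS = 96  # STB id + player id + timestamp, 32 bits each (assumed layout)

def _subkeys(key):
    # Derive separate encryption and MAC keys from one symmetric key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(enc_key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (stand-in for a real cipher).
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(enc_key, nonce + struct.pack(">Q", ctr),
                           hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag, then decrypt; ValueError on wrong key or tampering."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor_stream(enc_key, nonce, ct)

def _positions(secret, n_samples):
    # Embedder and detector share only this secret; it selects the samples.
    return random.Random(secret).sample(range(n_samples), MARK_BITS)

def embed_mark(content, secret, stb_id, player_id, ts):
    payload = struct.pack(">III", stb_id, player_id, ts)
    bits = [(b >> (7 - i)) & 1 for b in payload for i in range(8)]
    marked = bytearray(content)
    for pos, bit in zip(_positions(secret, len(content)), bits):
        marked[pos] = (marked[pos] & 0xFE) | bit  # LSB only: not robust
    return bytes(marked)

def detect_mark(content, secret):
    # Forensic side: recovers (stb_id, player_id, ts) without knowing them.
    bits = [content[p] & 1 for p in _positions(secret, len(content))]
    payload = bytes(int("".join(map(str, bits[i:i + 8])), 2)
                    for i in range(0, MARK_BITS, 8))
    return struct.unpack(">III", payload)

class SmartCard:
    """Holds k_sc; only the unwrapped work key ever leaves the card."""
    def __init__(self, k_sc):
        self._k_sc = k_sc
    def unwrap_work_key(self, ecm):
        return unseal(self._k_sc, ecm)

def head_end_broadcast(content, k_sc):
    k_w = os.urandom(32)                        # fresh work key per title
    return seal(k_w, content), seal(k_sc, k_w)  # k_w(w), k_sc(k_w)

def stb_transfer(enc_content, ecm, card, k_s, secret, stb_id, player_id, ts):
    k_w = card.unwrap_work_key(ecm)             # smart card returns k_w
    clear = unseal(k_w, enc_content)            # decrypt in secure module
    marked = embed_mark(clear, secret, stb_id, player_id, ts)
    return seal(k_s, marked)                    # re-encrypt for the home network

def demo():
    k_sc, secret = os.urandom(32), b"constructed-operator-secret"
    card = SmartCard(k_sc)
    title_a = bytes(range(256)) * 4             # constructed sample content
    title_b = bytes(reversed(range(256))) * 4
    stored_a = head_end_broadcast(title_a, k_sc)
    stored_b = head_end_broadcast(title_b, k_sc)
    k_s_a, k_s_b = os.urandom(32), os.urandom(32)  # one session key per title
    link_a = stb_transfer(*stored_a, card, k_s_a, secret, 0x120, 0x210, 1700000000)
    link_b = stb_transfer(*stored_b, card, k_s_b, secret, 0x120, 0x210, 1700000100)
    played_a = unseal(k_s_a, link_a)            # software player side
    try:                                        # leaked k_s_a against title B
        unseal(k_s_a, link_b)
        other_title_opened = True
    except ValueError:
        other_title_opened = False
    return {"traced": detect_mark(played_a, secret),
            "other_title_opened": other_title_opened,
            "max_sample_change": max(abs(x - y) for x, y in zip(played_a, title_a))}

if __name__ == "__main__":
    print(demo())
```

The copy that reaches the player carries the STB and player identifiers, so a leaked session key exposes one title and that title still points back to its recipient.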

Having described various embodiments for a method, apparatus and system for the secure distribution of content (which are intended to be illustrative and not limiting), it is noted that modifications and variations can be made by persons skilled in the art in light of the above teachings. It is therefore to be understood that changes may be made in the particular embodiments of the invention disclosed which are within the scope and spirit of the invention as outlined by the appended claims. While the foregoing is directed to various embodiments of the present invention, other and further embodiments of the invention may be devised without departing from the basic scope thereof.

1. A method for secure distribution of content, comprising: encrypting the content using a first key; encrypting the first key using a second key; and distributing the encrypted content and the encrypted first key; wherein the content is decrypted by decrypting the first key using a locally stored copy of the second key and decrypting the content using the decrypted first key.
2. The method of claim 1, further comprising: encrypting the decrypted content using a third key, the third key being acquired via a secure channel; and communicating the content encrypted using the third key to a source of the third key, wherein the content encrypted using the third key is decrypted using a local copy of the third key.
3. The method of claim 2, further comprising: marking the decrypted content for identification purposes prior to the encryption of the content using the third key.
4. The method of claim 1, further comprising: marking the decrypted content for identification purposes; and re-encrypting the marked content using the first key.
5. The method of claim 4, further comprising: storing the marked and re-encrypted content.
6. The method of claim 4, wherein the mark comprises a watermark.
7. The method of claim 1, further comprising: storing the distributed content and first key prior to decryption.
8. The method of claim 1, wherein the first key comprises a work key.
9. The method of claim 1, wherein the second key comprises a smart card key.
10. The method of claim 2, wherein the third key comprises a session key.
11. The method of claim 1, wherein the content comprises audiovisual content.
12. An apparatus for secure distribution of content, comprising: a secure processing module for encrypting and decrypting content; and a smart card for locally storing and decrypting encryption keys; wherein upon receiving content encrypted with a first key and upon receiving the first key encrypted with a second key, the smart card of the apparatus decrypts the first key using a locally stored copy of the second key, and the secure processing module decrypts the received encrypted content using the decrypted first key.
13. The apparatus of claim 12, further comprising a marking module for marking the decrypted content.
14. The apparatus of claim 13, wherein the secure processing module re-encrypts the marked content using the first key.
15. The apparatus of claim 12, wherein the apparatus receives a third key from a content player via a secure channel and wherein the secure processing module encrypts the decrypted content using the third key and wherein the apparatus communicates the content encrypted using the third key to the content player.
16. The apparatus of claim 15, wherein the content player decrypts the content encrypted via the third key using a locally stored copy of the third key.
17. The apparatus of claim 15, further comprising a marking module for marking the decrypted content prior to encrypting the content using the third key.
18. A system for secure distribution of content, comprising: a content source for distributing content; an electronic counter-measure device for encrypting the distributed content using a first key and for encrypting the first key using a second key; an apparatus for receiving the content encrypted with a first key and the first key encrypted with a second key, the apparatus including: a secure processing module for encrypting and decrypting content; and a smart card for locally storing and decrypting encryption keys; and a storage device for storing the received encrypted content and the first key; wherein upon receiving content encrypted with the first key and upon receiving the first key encrypted with the second key, the smart card of the apparatus decrypts the first key using a locally stored copy of the second key, and the secure processing decrypts the received encrypted content using the decrypted first key.
19. The system of claim 18, wherein the apparatus further comprises a marking module for marking the decrypted content.
20. The system of claim 19, wherein the secure processing module of the apparatus re-encrypts the marked content using the first key.
21. The system of claim 20, wherein the marked, re-encrypted content is stored in the storage device.
22. The system of claim 18, further comprising: a content player for communicating a third key to the apparatus via a secure channel; wherein the apparatus encrypts the decrypted content using the third key and communicates the content encrypted using the third key to the content player and the content player decrypts the content encrypted via the third key using a locally stored copy of the third key.
23. The system of claim 22, wherein the apparatus further comprises a marking module for marking the decrypted content prior to encrypting the content using the third key.